Which serverless cloud provider is covered be “overly permissive service access” compliance check?

A customer has serverless functions that are deployed in multiple clouds.

Which serverless cloud provider is covered be “overly permissive service access” compliance check?
A . Alibaba
B . GCP
C . AWS
D . Azure

View Answer

Answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/serverless.html

The serverless cloud provider covered by the “overly permissive service access” compliance check is AWS (Amazon Web Services). AWS Lambda, which is the serverless computing platform provided by

AWS, may have functions that are assigned more permissions than they require to perform their operations, leading to security risks.

In the context of CSPM tools, such as Prisma Cloud, checks for overly permissive service access would typically include examining the policies attached to AWS Lambda functions to ensure that they adhere to the principle of least privilege. Such checks help identify and rectify overly broad permissions that could potentially be exploited by attackers.

The reference for this can be found in AWS best practices for Lambda security, which emphasize the importance of granting minimal privileges necessary for the Lambda function to perform its tasks, thereby reducing the potential attack surface.